Will Huge Chip Vulnerabilities Lead To Mass Intel, AMD And ARM Recalls?

[RV_]

The last Windows updates were an emergency update due to Intel flaws causing vulnerabilities. The defective Intel chips are in all Apple and Windows computers and since the Linux folks use x86/Windows boxes, them as well. Some cell phones are also affected.

I will hang in there and pass along what I find out, but I am not buying any computers or phones, new or used, until either Intel produces a firmware fix that does not slow them down, or announces new chips in new computers that no longer have the flaws for Spectre and Meltdown. All computer owners will see patches coming out unscheduled and unannounced as they try to fix these.

If you own an Apple you really need to read this in full too:

Will Huge Chip Vulnerabilities Lead To Mass Intel, AMD And ARM Recalls?

Excerpt:

"Back when models of Jeep were determined vulnerable to cyberattack in 2015, Fiat Chrysler announced a recall of 1.4 million cars. Should the same happen for computers when vulnerabilities aren't entirely fixable with software updates alone?

This is the question being asked after the Meltdown and Spectre vulnerabilities were revealed yesterday, affecting almost every modern computer in existence, in particular those based on Intel, AMD and ARM processors. Whilst software patches are coming and should do much to mitigate real-world attacks, the U.S.-government sponsored Computer Emergency Response Team (CERT) running out of Carnegie Mellon stated Wednesday that the true, long-term solution was simply to replace the vulnerable computer chips entirely. "The underlying vulnerability is primarily caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware," the body wrote.

Could recalls be necessary? While it may be technically accurate to say a completely redesigned chip is the ultimate solution, it's hugely unlikely customers are going to get free fresh devices. Vendors haven't mentioned anything of the sort. And, some say, large-scale hardware replacements would amount to a needless, over-the-top reaction.

Don't expect a free new PC

The more concerning issue from a long-term perspective is Spectre, which tricks applications into coughing up pieces of their memory. As the researchers noted yesterday, it's harder to exploit, but trickier to effectively patch with software. Not to mention there aren't any fixes currently available for the specific issue, whilst many patches are coming for Meltdown.

As the researchers noted in their whitepaper Wednesday: "While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs." Or as one of the paper's contributors, Daniel Gruss, told Forbes: "We believe that Spectre might haunt us for a longer while since it is difficult to generically mitigate it." Making matters worse is that attacks can exploit Spectre via malicious websites running Javascript, according to the researchers (a fact later confirmed by Mozilla in its advisory).

Ultimately, chip makers like Intel will now be ensuring future chips won't have the same problems, so it's possible those running highly critical systems where information leakage is unacceptable will want to replace their own hardware. Cybersecurity expert Rob Graham said that upgrading to newer Intel processors from older ones could also prevent loss of performance, an issue that the chip maker admitted could affect certain computer speeds, depending on the workload.

All that isn't to say consumers don't deserve better from their tech providers, said Matthew Hickey, director of cybersecurity company Hacker House. "CPU bugs have never resulted in a recall before as they get patched with microcode... This is a good case for arguing that we should have better protections as consumers for our technology. We would recall cars if they weren't safe, why not faulty hardware?" (As an alert reader pointed out, there has been a CPU recall before, in 1994 when a bug was uncovered in an Intel Pentium processor)."

Source Forbes here:

https://www.forbes.com/sites/thomasbrewster/2018/01/04/intel-arm-amd-no-recalls-for-meltdown-spectre-vulnerabilities/#27fc04717d3a

Here Are All The Available Fixes You Need For Those Huge Chip Hacks -- UPDATED

For concerned users, see this list of the available fixes for Meltdown and Spectre from major tech manufacturers. Below:

'UPDATE After publication, the CERT changed its guidance from suggesting replacement of CPUs to recommending updates. It wrote the following: "Operating system and some application updates mitigate these attacks."

The official US government CERT (US-CERT) run out of the Department of Homeland Security still warned: "Due to the fact that the vulnerability exists in CPU architecture rather than in software, patching may not fully address these vulnerabilities in all cases."

Source: Forbes article with hot links to related articles and more is here:

https://www.forbes.com/sites/thomasbrewster/2018/01/04/google-microsoft-apple-updates-for-meltdown-spectre-intel-processor-vulnerabilities/#6df72cff5c31